The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible ...
CERN

CERN’s KiCad component library now open source

Layout of a printed circuit board made using KiCad. The cornerstone of open source philosophy is that the recipients of technology should have access to all of its building blocks, such as software ...
Bleeping Computer

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. The security issue is tracked as CVE-2026-26956 and ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
Ars Technica

Here’s what that Claude Code source leak reveals about Anthropic’s plans

Yesterday’s surprise leak of the source code for Anthropic’s Claude Code revealed a lot about the vibe-coding scaffolding the company has built around its proprietary Claude model. But observers ...
CNET

Anthropic Accidentally Exposes Source Code for Claude Code

Steven Musil is a senior news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around ...
Reuters

Exclusive: SpaceX lines up 21 banks for mega IPO, code-named project Apex

March 31 - SpaceX is working with at least 21 banks on its blockbuster initial public offering, people familiar with the matter said on Tuesday, one of the largest underwriting ‌syndicates assembled ...
Gizmodo

Source Code for Anthropic’s Claude Code Leaks at the Exact Wrong Time

Anthropic just cannot keep a lid on its business. After details of a yet-to-be-announced model were revealed due to the company leaving unpublished drafts of documents and blog posts in a publicly ...
VentureBeat

Claude Code's source code appears to have leaked: here's what we know

VentureBeat made with Google Gemini 3.1 Pro Image Anthropic appears to have accidentally revealed the inner workings of one of its most popular and lucrative AI products, the agentic AI harness Claude ...
GameSpot

Arc Raiders Weather Monitoring System Project – All Steps And Rewards

GameSpot may receive revenue from affiliate and advertising partnerships for sharing this content and from purchases through links. Arc Raiders‘ Shrouded Sky update brings plenty for raiders to check ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

Microsoft Defender Experts identified a coordinated developer-targeting campaign delivered through malicious repositories disguised as legitimate Next.js projects and technical assessment materials.